black and white podium with ranking of 1, 2 and 3
PHOTO: Joshua Golde on Unsplash

Given the conflict in Europe and the threat of attack in all shapes and forms, not least cyberattacks, it is unsurprising to see that many enterprises in the digital workplace have been focusing on the security of their systems.

Although the timing of its release is coincidental, Itasca, Ill.-based Flexera’s 2022 State of the Cloud report serves to underline those concerns. It found that security was the top concern among the 753 survey respondents, followed by managing organizational spending on cloud computing, and lack of resources and expertise. Flexera conducted the survey in late 2021.

Lack of expertise has been an ongoing problem for vendors operating in the cloud. The fact they remain concerned about security shows that despite widespread adoption, cloud computing still does not sit well with many managers.

But enterprises have taken to the cloud for good reason. "The cloud helps enterprises scale, be more agile, increase revenue and achieve business goals," said Brian Adler, senior director of cloud market strategy at Flexera, in a statement. "We have seen that cloud adoption has been expanding for the past few years, with a great acceleration by the pandemic. However, in the post-pandemic world that we are shaping, we're seeing new trends coming into focus."

Keep in mind that Flexera is a SaaS-based IT management solutions provider focused on digital transformation, so there is a bias there. That aside, the research included some interesting highlights: 

  • Cloud costs continue to grow, and the amount of waste remains high.
  • Organizations are over budget for cloud spend by an average of 13% and are expecting cloud spending to rise by 29% over the next year.
  • Organizations waste 32% of cloud spend, according to survey respondents.

Two findings from the report have a direct impact on the digital workplace. First, security is the top challenge for more advanced users who rely heavily on the cloud, while lack of resources and expertise is the top challenge for beginners who use the cloud more lightly.

According to the report, regardless of cloud usage level, challenges such as managing bring your own license (BYOL), cloud spending, migration and governance are also significant obstacles. As cloud estates expand, companies need better governance controls to maintain visibility. Expansion also leads to more compliance mandates.

The other finding is that Azure is gaining ground on AWS. This is particularly true for small- and medium-sized businesses who are still going with AWS, though adoption was down, from 72% to 69% year over year. These smaller businesses are slowly developing a taste for Azure, with usage moving from 48% to 59%. Larger enterprises saw Azure pull ahead of AWS. The number of enterprises using Azure now stands at 80%, up from 76% the year before. Amazon dipped down to 77% from the previous year's 79% adoption figure. When it comes to spending, 53% of enterprise Azure users spend at least $1.2 million annually, compared with 52% for AWS. 

It should come as no surprise that security is the top consideration for most organizations and that Azure, given the ongoing push from Microsoft, is gaining traction. There are other cloud players, including Google, Alibaba, VMware and IBM, so there are many options. And although Azure is gaining ground, AWS’ position seems secure for now.

Box Strengthens Security Shield

A number of other vendors also announced upgrades or new releases to reassure customers about the safety of their data and their digital workplaces.

The most recent of these comes from Box, which announced the release of new automated malware detection and controls in Box Shield. Box Shield is the Redwood City, Calif.-based company's security offering that detects when accounts have been compromised and there is an insider threat.

These new capabilities, which are expected to be available at the end of April, expand Box Shield’s threat detection beyond suspicious user behavior to protect customers from malicious content uploaded to Box. The upgrades will enable:

  • Preview and online editing of files in Box while displaying the security risk to end users.  
  • Automatically restrict downloading and sharing of malicious files to prevent the spread to more users and devices.  
  • Generate alerts to notify security teams when a file uploaded to Box contains malware.

The importance of these upgrades to Box users cannot be overestimated, especially after two years of remote working where people are now collaborating from more devices and remote locations. It also reflects the growing cost of security and data breaches.

According to a 2021 IBM report, data breach costs rose from $3.86 million to $4.24 million between 2020 and 2021, the highest average total cost in the history of their reporting. Costs were significantly lower for organizations with a more mature security posture and higher for organizations that lagged in security, AI and automation, zero trust and cloud security. More to the point, the average cost was $1.07 million higher in breaches where remote work was a factor in causing the breach (17.5% of cases) compared to those where remote work was not a factor. It is pretty much a sure thing that the cost will have increased again by the time the report comes out again later this year.

Box's growth shows why security is a growing concern. Q4 2021 figures show the company grew its paying customer base to more than 92,000 organizations, including new or expanded deployments. According to the company, Shield is the fastest growing new product in the company’s history. 

Box also announced the general availability of a number of products, including Box for G Suite Integration, as well as an expanded integration with VMware that aims to provide a more seamless, efficient experience for customers working with content in Box Drive on VMware App Volumes.

With growth expected to continue over the year, reassuring customers about data security is key. Box is hoping these upgrades will offer just that.

Google Buys Mandiant From Under the Nose of Microsoft

Google has also been stomping around the digital security space this week, and announced that it is buying Reston, Va.-based Mandiant for $5.4 billion. After closing the deal, Mandiant will join Google Cloud.

Google Cloud is another company that has made security the cornerstone of its commitment to customers, building cloud-native security into the foundation of its technology to block malware, phishing attempts and potential cyberattacks at scale. This is where the Mandiant acquisition comes into play. 

The acquisition will complement Google Cloud’s existing strengths in security. With Mandiant, Google Cloud will deliver an end-to-end security operations suite as well as advisory services to help customers address security challenges. Specifically, this means Google will offer Mandiant Advantage SaaS platform as part of the Google Cloud security portfolio. 

There is another aspect of the acquisition. Last month, we reported on the rumors suggesting that Microsoft was in talks to buy Mandiant. While it's not possible to confirm, it's likely that Microsoft was interested. 

Mandiant first grabbed the spotlight in February 2013 when it released a report directly implicating China in cyber-espionage. Then, in December 2013, Mandiant was acquired by FireEye in a stock and cash deal worth in excess of $1 billion. FireEye changed its corporate name and relaunched as Mandiant last fall.

More to the point, the company was credited with helping Microsoft discover the SolarWinds hack that attacked government systems last year. So clearly Microsoft had a reason to buy. Google, however, beat it to the punch. There’s no surprise there either. Google has been building up its security business for the cloud, and Mandiant has the goods and the reputation. All that remains to be seen now is what Google does next in cloud security.

The acquisition is subject to the usual closing conditions, including the receipt of Mandiant stockholder and regulatory approvals, and is expected to close later this year.

IBM Buys Neudesic

IBM has also been out shopping. This week, the Armonk, NY-based company announced it has bought Irving, Calif-based Neudesic, a US cloud services consultancy specializing primarily in the Microsoft Azure platform. This acquisition will expand IBM's portfolio of hybrid multi-cloud services and advance the company's hybrid cloud and AI strategy.

With Neudesic, IBM has now acquired more than 20 companies, 12 in IBM Consulting alone, since Arvind Krishna became CEO in April 2020. The Neudesic buy builds upon IBM's prior acquisitions of cloud transformation capability specialists, including Sentaca, SXiQ, BoxBoat, Nordcloud and Taos. 

The ability to accelerate digital transformation through application development, modernization and data capabilities through the cloud plays a significant role in companies achieving their operational goals. The challenge for many is they are facing an acute cloud-native skills shortage. According to IBM, Microsoft Azure is key to many of its clients' ability to modernize and adding Neudesic brings in Azure cloud, data engineering and data analytics expertise.

Neudesic has more than 1,500 cloud and data experts located across the US and India, and provides a range of digital transformation services across advisory, application development, cloud migration, DevOps, integration, data engineering, data visualization and hyperautomation. Neudesic's cloud and data consultants will join IBM Consulting's growing hybrid cloud services business.

Blink Raises Money for Low-Code Cloud Ops Offering

Finally this week, Blink, a no-code/low-code platform for cloud operations, came out of stealth mode with the announcement it has raised $26 million in funding.

Blink gives teams a managed workspace for creating reusable playbooks to automate everyday cloud and security tasks with little to no code. Using Blink’s no-code/low-code user interface, developers can access integrations with thousands of APIs and popular cloud tools, and a library of prebuilt DevOps and SecOps automation templates.

The Tel Aviv, Israel-based company will use the money to build out its team and develop new integrations. It will also start building a community for DevOps professionals to share solutions and collaborate together.